OASIS PKCS 11 TC

Document Name : pkcs11-base-v3.0-csprd02-wd02.docx Description Updated PKCS#11 3.00 Base Specification as per version 7 of the analysis file. Download Latest Revision Public Download Link Submitter : Mr. Dieter Bong Group : OASIS PKCS 11 TC Folder : Working Drafts Date submitted : 2019-11-08 03:06:59

Hello all, first of all, let me introduce myself if I did not do that earlier. My name is Jakub from Red Hat and I am mostly working on OpenSC -- the open source smart cards tools and middleware. I am following the WG for over two years, but missing the meetings mostly because they are outside of my working hours here in Europe. At this moment, I am looking to implement the PKCS#11 3.0 in OpenSC so I will try to collect my comments from the documents before they will be out. - Section 5, Table 30, The function C_LoginUser is still missing description in the table (lists only ??????). - Section 5.11, 5.14, 5.15, 5.16 headers are inconsistently capitalized: * Message-Based Decryption Functions * Message-Based Signing and MACing Functions * Message-Based Functions for Verifying Signatures and MACs (not in sync with other headers in this section) - The line 6151 lists example RSA key generation with 768 bits. I think in 2019 this should not be even in examples and should be replaced with at least 2048 (or 3k as recommended these days). Regards, Jakub On Fri, 2019-11-08 at 11:07 +0000, Dieter Bong wrote: > ----------------- > Document Name: pkcs11-base-v3.0-csprd02-wd02.docx > Description > Updated PKCS#11 3.00 Base Specification as per version 7 of the > analysis > file. > View Details: > https://www.oasis-open.org/apps/org/workgroup/pkcs11/document.php?document_id=66194 > Download Latest Revision: > https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/66194/latest/pkcs11-base-v3.0-csprd02-wd02.docx > Public Download Link: > https://www.oasis-open.org/committees/document.php?document_id=66194&wg_abbrev=pkcs11 > ----------------- > Submitter: Mr. Dieter Bong > > Group: OASIS PKCS 11 TC > Folder: Working Drafts > Date submitted: 2019-11-08 03:06:59 > > > ----------------- > > -- Jakub Jelen Senior Software Engineer Security Technologies Red Hat, Inc.

Hello Jakub, thank you very much for your feedback. As these are all easy to fix and don't constitute material changes, Daniel has incorporated them into our current working draft. The next version, which we will upload latest next Monday, will have these issues fixed. Thanks, and have a good weekend, Dieter
Original Message----- From: Jakub Jelen <jjelen@redhat.com> Sent: Freitag, 29. November 2019 13:28 To: Dieter Bong <Dieter.Bong@utimaco.com>; pkcs11@lists.oasis-open.org Subject: Re: [pkcs11] Groups - pkcs11-base-v3.0-csprd02-wd02.docx uploaded Hello all, first of all, let me introduce myself if I did not do that earlier. My name is Jakub from Red Hat and I am mostly working on OpenSC -- the open source smart cards tools and middleware. I am following the WG for over two years, but missing the meetings mostly because they are outside of my working hours here in Europe. At this moment, I am looking to implement the PKCS#11 3.0 in OpenSC so I will try to collect my comments from the documents before they will be out. - Section 5, Table 30, The function C_LoginUser is still missing description in the table (lists only ??????). - Section 5.11, 5.14, 5.15, 5.16 headers are inconsistently capitalized: * Message-Based Decryption Functions * Message-Based Signing and MACing Functions * Message-Based Functions for Verifying Signatures and MACs (not in sync with other headers in this section) - The line 6151 lists example RSA key generation with 768 bits. I think in 2019 this should not be even in examples and should be replaced with at least 2048 (or 3k as recommended these days). Regards, Jakub On Fri, 2019-11-08 at 11:07 +0000, Dieter Bong wrote: > ----------------- > Document Name: pkcs11-base-v3.0-csprd02-wd02.docx > Description > Updated PKCS#11 3.00 Base Specification as per version 7 of the > analysis file. > View Details: > https://www.oasis-open.org/apps/org/workgroup/pkcs11/document.php?docu > ment_id=66194 > Download Latest Revision: > https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/6619 > 4/latest/pkcs11-base-v3.0-csprd02-wd02.docx > Public Download Link: > https://www.oasis-open.org/committees/document.php?document_id=66194&w > g_abbrev=pkcs11 > ----------------- > Submitter: Mr. Dieter Bong > > Group: OASIS PKCS 11 TC > Folder: Working Drafts > Date submitted: 2019-11-08 03:06:59 > > > ----------------- > > -- Jakub Jelen Senior Software Engineer Security Technologies Red Hat, Inc. ________________________________ Utimaco IS GmbH Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com Seat: Aachen Registergericht Aachen HRB 18922 VAT ID No.: DE 815 496 496 Managementboard: Stefan Auerbach (Chairman) CEO, Malte Pollmann CSO, Dr. Frank J. Nellissen CFO This communication is confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Please inform us immediately and destroy the email.

Thank you, just today I noticed one more typo in the mechanism specification. It lists XEDDA instead of XEDDSA on line 3151 of the wd05. Regards, Jakub On Fri, 2019-11-29 at 14:12 +0000, Dieter Bong wrote: > Hello Jakub, > > thank you very much for your feedback. As these are all easy to fix > and don't constitute material changes, Daniel has incorporated them > into our current working draft. The next version, which we will > upload latest next Monday, will have these issues fixed. > > Thanks, and have a good weekend, > Dieter > >
Original Message----- > From: Jakub Jelen <jjelen@redhat.com> > Sent: Freitag, 29. November 2019 13:28 > To: Dieter Bong <Dieter.Bong@utimaco.com>; > pkcs11@lists.oasis-open.org > Subject: Re: [pkcs11] Groups - pkcs11-base-v3.0-csprd02-wd02.docx > uploaded > > Hello all, > first of all, let me introduce myself if I did not do that earlier. > My name is Jakub from Red Hat and I am mostly working on OpenSC -- > the open source smart cards tools and middleware. > > I am following the WG for over two years, but missing the meetings > mostly because they are outside of my working hours here in Europe. > At this moment, I am looking to implement the PKCS#11 3.0 in OpenSC > so I will try to collect my comments from the documents before they > will be out. > > - Section 5, Table 30, The function C_LoginUser is still missing > description in the table (lists only ??????). > > - Section 5.11, 5.14, 5.15, 5.16 headers are inconsistently > capitalized: > * Message-Based Decryption Functions > * Message-Based Signing and MACing Functions > * Message-Based Functions for Verifying Signatures and MACs > (not in sync with other headers in this section) > > - The line 6151 lists example RSA key generation with 768 bits. I > think in 2019 this should not be even in examples and should be > replaced with at least 2048 (or 3k as recommended these days). > > Regards, > Jakub > > On Fri, 2019-11-08 at 11:07 +0000, Dieter Bong wrote: > > ----------------- > > Document Name: pkcs11-base-v3.0-csprd02-wd02.docx > > Description > > Updated PKCS#11 3.00 Base Specification as per version 7 of the > > analysis file. > > View Details: > > https://www.oasis-open.org/apps/org/workgroup/pkcs11/document.php?docu > > ment_id=66194 > > Download Latest Revision: > > https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/6619 > > 4/latest/pkcs11-base-v3.0-csprd02-wd02.docx > > Public Download Link: > > https://www.oasis-open.org/committees/document.php?document_id=66194&w > > g_abbrev=pkcs11 > > ----------------- > > Submitter: Mr. Dieter Bong > > > > Group: OASIS PKCS 11 TC > > Folder: Working Drafts > > Date submitted: 2019-11-08 03:06:59 > > > > > > ----------------- > > > > > -- > Jakub Jelen > Senior Software Engineer > Security Technologies > Red Hat, Inc. > > > > ________________________________ > > Utimaco IS GmbH > Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, > www.utimaco.com > Seat: Aachen Registergericht Aachen HRB 18922 > VAT ID No.: DE 815 496 496 > Managementboard: Stefan Auerbach (Chairman) CEO, Malte Pollmann CSO, > Dr. Frank J. Nellissen CFO > > This communication is confidential. If you are not the intended > recipient, any use, interference with, disclosure or copying of this > material is unauthorised and prohibited. Please inform us immediately > and destroy the email. -- Jakub Jelen Senior Software Engineer Security Technologies Red Hat, Inc.